analyze
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core functionality requires processing potentially untrusted data from the local environment.
- Ingestion points: Per the instructions in
SKILL.md, the agent is prompted to read and analyze "trace events, logs, metrics, configs, git history, and file:line behavior" to gather evidence. - Boundary markers: The skill does not implement boundary markers or specific instructions to the model to ignore or escape any natural language instructions that might be embedded within the analyzed artifacts (e.g., malicious payloads hidden in log files).
- Capability inventory: While the skill itself focuses on analysis, it is capable of cross-file reasoning and can route tasks to other specialized agents or orchestration tools like
$teamandask_codex. - Sanitization: The instructions lack requirements for sanitizing, validating, or filtering the content of external files before they are included in the agent's context window.
Audit Metadata